DigitalOcean is excited to announce that select DigitalOcean products can now be used to host electronic Protected Health Information (ePHI)! This milestone allows Covered Entities and Business Associates, such as telehealth providers, healthcare software applications, and HealthTech organizations to build and scale sensitive workloads regulated under the U.S. Health Insurance Portability and Accountability Act (HIPAA) on the Developer Cloud leveraging select DigitalOcean covered products.
We understand how important it is to our customers to be able to host HIPAA workloads on select DigitalOcean services, so DigitalOcean conducted a rigorous review of our systems and services in accordance with HIPAA’s requirements to allow customers to host electronic Protected Health Information (ePHI) on covered products.
DigitalOcean maintains SOC 2, SOC 3, CSA STAR Level 1, and APEC PRP certifications. We also comply with all applicable laws. With a robust set of common controls that cover asset management, configuration management, data management, identity and access management, systems monitoring, network operations, risk management, and several more, we help to better protect customer data. These controls extend to customers running HIPAA workloads on covered DigitalOcean products. See all of DigitalOcean’s certifications >
Customers who wish to process HIPAA workloads on covered products must review and accept DigitalOcean’s Business Associate Agreement (BAA). Existing customers can request a BAA through their Customer Success representative while new customers can request a BAA by contacting sales.
DigitalOcean has published HIPAA Architecture Guidance to provide best practices to customers on how to use the covered product suite. To receive a copy of the HIPAA Architecture Guidance, please chat with an expert.
Have additional questions? Check out our new HIPAA information site for more information, frequently asked questions, and additional resources.